Nitol botnet

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Excirial (talk | contribs) at 16:47, 27 December 2012 (Creating initial article for Nitol Botnet.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The Nitol botnet is a botnet mostly involved in spreading malware and distributed denial-of-service attacks.[1][2]

History

The Nitol botnet was first discovered around December 2010. Analysis indicates that it is mostly prevalent in China, where an estimated 85% of the infections are detected.[3][4] In China the botnet was found on systems that came brand-new from the factory, indicating that the trojan was installed somewhere during the assembly and manufacturing process.[5] According to Microsoft, the systems at risk also contained a counterfeit installation of Microsoft Windows.[3]

On 10 September 2012 Microsoft took action against the Nitol botnet by obtaining a court order and subsequently sinkholing the 3322.org domain.[6][7] The 3322.org domain is a dynamic DNS service that the botnet creators used as command and control infrastructure for their botnet.[8] Microsoft later settled with 3322.org operator Peng Yong, which allowed the latter to continue operating the domain on the condition that any subdomains linked to malware remain sinkholed.[9]

References

  1. Gonsalves, Antone. "Compromised Windows PCs bought in China pose risk to U.S." Network World. Retrieved 27 December 2012.
  2. Plantado, Rex (15 October 2012). "MSRT October '12 - Nitol: Counterfeit code isn't such a great deal after all". Microsoft. Microsoft Technet. Retrieved 27 December 2012.
  3. Plantado, Rex (22 October 2012). "MSRT October '12 - Nitol by the numbers". Microsoft. Microsoft Technet. Retrieved 27 December 2012.
  4. Mimoso, Michael (13 September 2012). "Microsoft Carries out Nitol Botnet Takedown". Threatpost. Retrieved 27 December 2012.
  5. "Microsoft Report Exposes Malware Families Attacking Supply Chain". BBC. Retrieved 27 December 2012.
  6. Leyden, John (13 September 2012). "Microsoft seizes Chinese dot-org to kill Nitol bot army". The Register. Retrieved 27 December 2012.
  7. Jackson Higgins, Kelly (13 September 2012). "Microsoft Intercepts 'Nitol' Botnet And 70,000 Malicious Domains". Dark Reading. Retrieved 27 December 2012.
  8. Ollmann, Gunter (13 September 2012). "Nitol and 3322.org Takedown by Microsoft". Damballa. Retrieved 27 December 2012.
  9. Leyden, John (4 October 2012). "Chinese Nitol botnet host back up after Microsoft settles lawsuit". The Register. Retrieved 27 December 2012.